Blog on SaaSForge

Spring Modulith in Practice: From Code to Living Architecture Diagrams

Mon, 04 May 2026 00:00:00 +0000

Your architecture diagram in Confluence is six months stale. The one on the wiki still shows the Auth module that was merged into User back in January. The whiteboard in the meeting room? Someone erased it to draw a sprint retrospective.

Architecture documentation has a fundamental problem: it’s maintained by humans, and humans forget. The code changes daily. The diagrams change when someone remembers. Eventually, the gap becomes so large that everyone stops trusting the diagrams and starts reading the code directly — which defeats the purpose of having diagrams at all.

Kamal vs Flux CD: Simplicity or Resilience — Pick One

Mon, 27 Apr 2026 00:00:00 +0000

Your container crashed at 3 AM. With Flux CD, the cluster noticed, restarted the pod, and reconciled the desired state from Git. You found out from a Slack notification over morning coffee. With Kamal — nobody noticed. Your app has been down for four hours. The first person to notice was a customer, and they didn’t file a bug report. They just left.

This is the fundamental difference between Kamal and Flux CD, and it matters more than most “versus” articles admit. It’s not about which tool is “better.” It’s about whether your deployment tool is responsible for keeping your app running, or just for putting it there.

Spring Modulith in Practice: Enforcing Architecture in a Growing Monolith

Mon, 20 Apr 2026 00:00:00 +0000

Every growing Spring Boot application reaches a point where someone draws module boundaries on a whiteboard. Boxes with clean arrows. “Venue depends on Site but not on User internals.” Everyone nods. Two sprints later, a developer imports a repository from a module they shouldn’t depend on because it’s the fastest way to fix a bug. Nobody catches it in review. The whiteboard diagram is now fiction.

Spring Modulith turns those whiteboard arrows into build failures.

Mise vs SDKMAN: Why I'm Switching After Years of .sdkmanrc

Fri, 17 Apr 2026 00:00:00 +0000

A colleague mentioned Mise today. I’ve been a loyal SDKMAN user for years — .sdkmanrc in every project, sdk use java 21.0.2-tem committed to muscle memory. It works, it’s reliable, I’ve never had a reason to look elsewhere.

Then I actually looked at what Mise does, and I’m not sure I can go back.

The Problem with One Tool per Language

SDKMAN manages JDKs (and Gradle, Maven, and a few other JVM tools). It does that well. But my projects don’t just need Java:

How We Use Claude Code Skills to Codify Our Development Patterns

Thu, 16 Apr 2026 00:00:00 +0000

Every codebase has patterns. The way you write tests, structure components, wire up APIs — these conventions live in your team’s collective memory, scattered across code reviews, onboarding docs, and tribal knowledge. When you bring an AI coding assistant into the mix, it doesn’t know any of this. It will write perfectly valid code that violates every convention you’ve established.

Claude Code Skills solve this by letting you encode your patterns as reusable templates that Claude automatically picks up when the context is right.

Observing and Optimizing Your GraphQL API

Thu, 09 Apr 2026 00:00:00 +0000

Part 7 of the “Production GraphQL with Netflix DGS” series — Bonus: Operations

GraphQL APIs are invisible to traditional monitoring. Every request hits the same /graphql endpoint, returns HTTP 200 (even with errors in the body), and carries no URL-based context for your dashboards. If you monitor a GraphQL API the same way you monitor REST, you’re flying blind.

This article covers the observability and optimization layer that sits above your DGS backend: federation with a GraphQL router, client identification, operation-level metrics, error classification, schema analytics, and performance optimization techniques that prevent your API from becoming a bottleneck.

Type-Safe GraphQL on the Frontend

Thu, 02 Apr 2026 00:00:00 +0000

Part 6 of 7 in the “Production GraphQL with Netflix DGS” series — Bonus: The Client Side

The previous five articles covered the backend: schema design, data loaders, security, subscriptions, and scaling. But type safety doesn’t stop at the API boundary. This article covers how to carry that safety all the way to the Vue (or React) component — and how fragment design prevents the silent performance killer that is overfetching.

DGS at Scale: Testing, Schema Evolution, and Federation

Thu, 26 Mar 2026 00:00:00 +0000

Part 5 of 7 in the “Production GraphQL with Netflix DGS” series

Building a GraphQL API is one thing. Running hundreds of operations in production, testing them reliably, and evolving the schema without breaking clients — that’s where the real engineering starts. This final article covers the practices that matter when your DGS API grows beyond a handful of queries.

Testing DGS Components

DGS data fetchers are Spring beans with injected dependencies. This makes them straightforward to unit test — mock the dependencies, call the method, assert the result.

Virtual Threads Did Not Kill WebFlux

Mon, 23 Mar 2026 00:00:00 +0000

Every few months, someone posts a benchmark showing that virtual threads handle 100,000 concurrent requests with simple imperative code, and concludes that WebFlux is obsolete. The comments fill with “finally, no more reactive spaghetti.” Managers forward the article to their teams: “Can we rewrite this in virtual threads?”

No. Well — it depends on what “this” does. But probably no.

Virtual threads and WebFlux solve different problems. The confusion comes from the fact that they both appear in the sentence “handle many concurrent requests efficiently.” But that’s like saying a hammer and a screwdriver are competitors because they both “join things together.”

Real-time and Reactive Patterns with Netflix DGS

Thu, 19 Mar 2026 00:00:00 +0000

Part 4 of 7 in the “Production GraphQL with Netflix DGS” series

REST APIs are request-response: the client asks, the server answers, the connection closes. GraphQL subscriptions break that pattern — the server pushes updates to the client as they happen. This article covers how DGS implements subscriptions, how reactive types work throughout the framework, and how to observe it all in production.

GraphQL Subscriptions

Subscriptions let clients receive a stream of updates over a persistent connection. Common use cases: live scoreboards, progress tracking, notifications, collaborative editing.

Stop Demolishing the House to Change the Furniture: Why GitOps Beats Push-Based Deployment

Mon, 16 Mar 2026 00:00:00 +0000

You want to deploy a new version of your API. A one-line change: bump the image tag from v1.4.2 to v1.4.3. With a GitOps setup, you push to Git, and 30 seconds later the cluster has reconciled. With the push-based approach I keep seeing in production — Helm charts published by Terraform — you run a pipeline that plans the entire infrastructure, evaluates every resource, waits for approval, and then applies the change. That’s demolishing the house to change the furniture.

Securing Your GraphQL API with Netflix DGS

Thu, 12 Mar 2026 00:00:00 +0000

Part 3 of 7 in the “Production GraphQL with Netflix DGS” series

GraphQL gives clients extraordinary flexibility — they choose which fields to fetch, how deeply to nest, and how many operations to batch. That flexibility is also your attack surface. This article covers the three layers of defense every production GraphQL API needs: authentication and authorization, error sanitization, and query abuse protection.

Layer 1: Authentication and Authorization

DGS runs inside Spring Boot, which means Spring Security’s full toolkit is available. The most practical pattern is @PreAuthorize annotations directly on DGS methods.

Testing Axon 5 Aggregates with Spock: A Practical Guide

Mon, 09 Mar 2026 00:00:00 +0000

Axon Framework’s event-sourcing model pairs naturally with Spock’s expressive given-when-then style. Yet most examples online show JUnit. This guide covers how to test an Axon 5 aggregate’s full state machine using Spock and AxonTestFixture.

The Domain: An Order Aggregate

We’ll use a simple order lifecycle:

stateDiagram-v2 [*] --> CREATED CREATED --> CONFIRMED: confirm CONFIRMED --> SHIPPED: ship SHIPPED --> DELIVERED: deliver CREATED --> CANCELLED: cancel CONFIRMED --> CANCELLED: cancel

The aggregate tracks status via @EventSourcingHandler methods that replay stored events:

Solving N+1 with Data Loaders and Field Resolvers

Thu, 05 Mar 2026 00:00:00 +0000

Part 2 of 7 in the “Production GraphQL with Netflix DGS” series

GraphQL gives clients the power to ask for exactly the data they need. That’s its strength — and its trap. Without careful backend design, a single query can trigger hundreds of database calls. This article shows how DGS data loaders and field resolvers prevent that from happening.

The N+1 Problem, Visualized

Consider a simple query that fetches orders with their products:

Schema-First GraphQL with Netflix DGS

Thu, 26 Feb 2026 00:00:00 +0000

Part 1 of 7 in the “Production GraphQL with Netflix DGS” series

If you’re building a GraphQL API with Spring Boot, you’ve probably noticed two major frameworks competing for your attention: Netflix DGS and Spring for GraphQL. For years, teams had to pick a side. That choice no longer exists — and the story of how these frameworks merged is worth understanding before you write your first @DgsQuery.

Two Frameworks Become One

Netflix open-sourced the Domain Graph Service (DGS) framework in 2021. It was battle-tested at Netflix scale — hundreds of services, thousands of queries — and it offered something Spring didn’t have at the time: a polished, annotation-driven programming model for GraphQL.

The Silent Metadata Gap: Why Your Axon 5 Events Have No User Attribution

Wed, 25 Feb 2026 00:00:00 +0000

When we migrated from Axon Framework 4 to 5, we carefully updated aggregates to use EventAppender, rewrote command handlers with static factory methods, and adjusted our event sourcing handlers. Everything compiled. Tests passed. Events flowed. Then during an internal QA round, we spotted something odd: the aggregate history timeline showed events with no author — just timestamps and event types floating in a void.

The root cause? Axon command metadata does not automatically propagate to events. And when you’re focused on the big Axon 5 migration changes, this is exactly the kind of thing that slips through.

Your MCP Server Works Locally. Then Kubernetes Kills the Session.

Mon, 23 Feb 2026 00:00:00 +0000

We’re running a Spring AI MCP server in production on GKE. It serves Claude Code as a client, exposing 60+ tools for managing climbing data — sites, routes, venues, the works. The auth layer is solid: JWT tokens persisted in PostgreSQL, dual validation (HS256 service tokens, RS256 OAuth user tokens), revocation checks on every request.

Then, intermittently, Claude Code starts throwing this:

Session not found: f4456324-79fb-4d84-ab2b-eebf27c5a475

The token is valid. The server is up. The endpoint responds. But the session is gone.

Replacing Flux Bootstrap with the Flux Operator: GitOps on Autopilot Mode

Fri, 20 Feb 2026 00:00:00 +0000

Managing Flux CD in production used to mean running flux bootstrap, committing hundreds of lines of generated YAML, and then manually coordinating upgrades across clusters. With the Flux Operator, all of that is replaced by a single Kubernetes custom resource — the FluxInstance — that declares your entire Flux installation as code.

In this post, we walk through how we migrated from the traditional Flux bootstrap approach to the Flux Operator on a GKE Autopilot cluster, managed entirely with Terraform.

Propagating User Identity in Axon 5 Query Handlers

Wed, 18 Feb 2026 00:00:00 +0000

Update (March 2026): We’ve raised this as an issue with the Axon Framework team. The core problem — ReactiveSecurityContextHolder being empty inside @QueryHandler — is now tracked as GitHub issue #4207. See the update section below.

During internal testing of our latest release, we hit a puzzling bug: owners couldn’t see their own entities on a management page. The error message was simply “Unable to load” — despite the record clearly existing in the database.

Migrating from Axon Framework 4 to 5: What We Learned

Mon, 16 Feb 2026 00:00:00 +0000

We run a CQRS/Event Sourcing backend — now happily on Java 25, Spring Boot 4, and Axon Framework 5. But getting here from Axon 4.12 was a journey. The codebase has dozens of aggregates, multiple sagas, over a hundred event types, and hundreds of annotated handler methods.

Here’s what we learned along the way.

Why We Wanted Axon 5

The motivation was simple: native reactive support in event handlers.

Axon 4.x has a well-known issue with subscribing event processors. When an @EventHandler returns a Mono<Void>, the framework never subscribes to it. The reactive chain simply doesn’t execute. We discovered this the hard way when projection handlers silently stopped writing to the database.

Why OpenTelemetry Beats Vendor-Locked APM Agents

Sat, 14 Feb 2026 00:00:00 +0000

If you’ve ever tried to swap out your APM vendor, you know the pain. Proprietary agents from Datadog, Dynatrace, or New Relic weave themselves deep into your deployment pipeline — different binary agents for each language, vendor-specific configuration, custom SDKs in your application code. Switching means ripping it all out and starting over.

OpenTelemetry offers a fundamentally different approach: one open standard to instrument everything, with the freedom to send telemetry data wherever you want.